“Larger banks are getting harder to penetrate since they’ve invested in security for years. They’ve had their big breach through which they get religion, they get spend [more budget] and they get harder,” said Bill Stewart, an EVP with Booz Allen. “Now, the adversaries are moving down the food chain.” In practice, this means the same hackers who once targeted big banks are seeking easier prey: credit unions, small hedge funds, PR firms, and a wide variety of other mid-tier enterprises.

The attackers are led by mafia-like criminal gangs but also outfits like Lazarus, which hit the Bangladesh central banks, and which is widely believed to be tied to the government of North Korea. According to McArdle of eSentire, some nation states are expanding their hacking targets as a way to fund their cyber-military capacities.

He added that the mid-tier firms, now the targets of hackers of all stripes, can be defined as companies that lack resources for chief security officers and other full-time defense operations.

If you are a financial institution, there is no excuse for not having full-time defensive operations, or a 24/7 security operations center.

SCOTT (すこっと)

Scott (すこっと) is a cyber security, threat intelligence strategist, and technology evangelist working and living in Tokyo. In addition to his day job, Scott is fascinated by the future of computing, the technology industry, privacy, encryption, mobile apps, politics, & Japan. Scott enjoys taking pictures with his iPhone and sharing them freely online, primarily on Instagram.